Explore the intricacies of Chrome's security architecture and learn how to break out of its sandbox using Mojo in this 36-minute Black Hat conference talk. Delve into the challenges faced after exploiting a Chrome renderer vulnerability, including restricted access to OS resources and enforced site isolation. Discover how IPC services, designed to provide necessary functionality to the renderer process, can become potential targets for sandbox escapes. Gain insights from security researcher Stephen Röttger as he dissects the Chrome sandbox and demonstrates advanced techniques for bypassing its robust security measures.
Overview
Syllabus
Breaking the Chrome Sandbox with Mojo
Taught by
Black Hat